Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export

includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes. id: CVE-2019-17228 info: name: Motors Car Dealer & Classified Ads = 1.4.0 - Unauthenticated settings...

CVE-2023-53896 D-Link DAP-1325 Hardware A1 Unauthenticated Configuration Download

D-Link DAP-1325 firmware version 1.01 contains a broken access control vulnerability that allows unauthenticated attackers to download device configuration settings without authentication. Attackers can exploit the /cgi-bin/ExportSettings.sh endpoint to retrieve sensitive configuration informatio...

EUVD-2021-34175

Malicious code in bioql PyPI...

CVE-2021-4400

The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearchprocesssettingsimport and bsearchprocesssettingsexport functions. This makes it possible for unauthenticat...

CVE-2021-4353

The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export function which makes makes it possible for unauthenticated attackers to export the plugin...

CVE-2025-0954 WP Online Contract <= 5.1.4 - Missing Authorization to Unauthenticated Settings Import

The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the jsonimport and jsonexport functions in all versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to import and export the plugin's setting...

CVE-2025-0954 WP Online Contract <= 5.1.4 - Missing Authorization to Unauthenticated Settings Import

The WP Online Contract plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the jsonimport and jsonexport functions in all versions up to, and including, 5.1.4. This makes it possible for unauthenticated attackers to import and export the plugin's setting...

CVE-2025-1502 IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export

The IP2Location Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'downloadip2locationredirectionbackup' AJAX action in all versions up to, and including, 1.33.3. This makes it possible for unauthenticated attackers to download...

CVE-2025-1502 IP2Location Redirection <= 1.33.3 - Missing Authorization to Unauthenticated Settings Export

The IP2Location Redirection plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'downloadip2locationredirectionbackup' AJAX action in all versions up to, and including, 1.33.3. This makes it possible for unauthenticated attackers to download...

CVE-2025-1063

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.4 via the rtcltaxonomysettingsexport function. This makes it possible for unauthenticated attackers to extract sensiti...

PT-2025-7813 · WordPress · The Classified Listing – Classified Ads & Business Directory Plugin

Name of the Vulnerable Software and Affected Versions: Classified Listing – Classified ads & Business Directory Plugin versions up to, and including, 4.0.4 Description: The issue allows unauthenticated attackers to extract sensitive data, including API keys and tokens, via the rtcl taxonomy...

WordPress plugin Classified Listing 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...

WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Export vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Export vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions = 2.2.9...

WordPress plugin Logo Slider 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2024-1095

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to...

CVE-2024-1095

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to...

CVE-2024-1095 Build & Control Block Patterns – Boost up Gutenberg Editor <= 1.3.5.4 - Missing Authorization

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to...

PT-2024-16659 · WordPress · Build & Control Block Patterns – Boost Up Gutenberg Editor

Name of the Vulnerable Software and Affected Versions: The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress versions up to, and including, 1.3.5.4 Description: The issue is related to unauthorized access of data due to a missing capability check on the settings expo...

WordPress Plugin Build & Control Block Patterns Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

CVE-2023-6289

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens...